PDA

View Full Version : coin miner with combo fix



nugrohoaldo
2011-10-02, 13:32
Hi i've been trying to remove coin mine and i have tried the combo fix guide for removal and this is my combofix log after its finished.

please please please can someone analyse me and help me ,i really appreciate it as i am a newbie in this matter.


ComboFix 11-10-02.01 - Bailey 02/10/2011 18:10:01.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.1975.850 [GMT 8:00]
Running from: c:\users\Bailey\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Setup_Atlantica_Lite21410.exe
c:\users\Bailey\AppData\Roaming\.#
c:\users\Bailey\AppData\Roaming\167F.exe
c:\users\Bailey\AppData\Roaming\17F2.tmp
c:\users\Bailey\AppData\Roaming\4C3B.exe
c:\users\Bailey\AppData\Roaming\6394.tmp
c:\users\Bailey\AppData\Roaming\71A9.exe
c:\users\Bailey\AppData\Roaming\7EDF.exe
c:\users\Bailey\AppData\Roaming\9424.exe
c:\users\Bailey\AppData\Roaming\A15D.tmp
c:\users\Bailey\AppData\Roaming\E59D.exe
c:\users\Bailey\AppData\Roaming\F74A.tmp
c:\users\Bailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wuT3.exe
c:\windows\SysWow64\system
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-02 to 2011-10-02 )))))))))))))))))))))))))))))))
.
.
2011-10-02 10:20 . 2011-10-02 10:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-02 09:25 . 2010-07-16 06:53 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2011-10-02 09:25 . 2010-06-29 02:35 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2011-10-02 09:25 . 2011-01-17 01:09 334976 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2011-10-02 09:25 . 2010-12-16 00:43 137704 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2011-10-02 09:25 . 2010-12-10 05:24 257232 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2011-10-02 09:25 . 2010-12-16 00:46 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2011-10-02 09:24 . 2011-10-02 10:01 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-10-02 09:24 . 2011-10-02 09:27 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2011-10-02 09:24 . 2011-10-02 09:24 -------- d-----w- c:\users\Bailey\AppData\Roaming\PC Tools
2011-10-02 09:23 . 2011-10-02 09:25 -------- d-----w- c:\programdata\PC Tools
2011-10-02 09:22 . 2011-10-02 09:22 245760 ----a-w- c:\users\Bailey\AppData\Roaming\Nnqqqd.exe
2011-10-02 08:52 . 2011-10-02 08:52 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98B5315A-8A9F-40B5-A382-D743335F35D3}\offreg.dll
2011-10-01 12:13 . 2011-10-01 12:13 -------- d-----w- c:\users\Bailey\AppData\Roaming\Malwarebytes
2011-10-01 12:12 . 2011-10-01 12:12 -------- d-----w- c:\programdata\Malwarebytes
2011-10-01 12:12 . 2011-10-01 12:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-01 12:12 . 2011-08-31 09:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-01 09:15 . 2011-10-01 09:15 -------- d-----w- c:\users\Bailey\AppData\Local\ElevatedDiagnostics
2011-10-01 06:21 . 2011-10-01 06:21 -------- d-----w- c:\users\Bailey\AppData\Local\Apps
2011-10-01 04:57 . 2010-05-15 08:30 458840 ----a-w- c:\windows\system32\drivers\~GLH0023.TMP
2011-10-01 04:57 . 2010-05-15 08:30 458840 ------w- c:\windows\system32\drivers\vsdatant.sys
2011-10-01 04:57 . 2011-10-01 04:57 -------- d-----w- c:\program files (x86)\Zone Labs
2011-10-01 04:57 . 2011-10-01 04:57 -------- d-----w- c:\programdata\CheckPoint
2011-10-01 04:57 . 2011-10-02 09:54 -------- d-----w- c:\windows\Internet Logs
2011-10-01 04:43 . 2011-10-01 04:43 -------- d-----w- c:\program files\CCleaner
2011-09-30 10:12 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98B5315A-8A9F-40B5-A382-D743335F35D3}\mpengine.dll
2011-09-29 14:35 . 2011-09-06 20:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-29 14:35 . 2011-09-06 20:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-29 14:35 . 2011-09-06 20:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-29 14:35 . 2011-09-06 20:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-29 14:35 . 2011-09-06 20:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-29 14:35 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-29 14:35 . 2011-09-06 20:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-29 14:35 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-09-29 14:35 . 2011-09-06 20:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-29 14:34 . 2011-09-29 14:34 -------- d-----w- c:\programdata\AVAST Software
2011-09-29 14:34 . 2011-09-29 14:34 -------- d-----w- c:\program files\AVAST Software
2011-09-22 17:16 . 2009-08-27 06:49 92672 ----a-w- c:\windows\system32\Abyssus.cpl
2011-09-22 17:16 . 2010-09-30 16:16 13312 ----a-w- c:\windows\system32\drivers\VKbms.sys
2011-09-22 17:16 . 2010-09-29 12:45 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2011-09-22 17:16 . 2009-10-30 02:53 10880 ----a-w- c:\windows\system32\drivers\Abyssus.sys
2011-09-22 17:16 . 2011-09-22 17:16 -------- d-----w- c:\program files (x86)\Razer
2011-09-21 10:47 . 2011-09-21 10:48 -------- d-----w- c:\users\Bailey\AppData\Roaming\Canon
2011-09-06 18:21 . 2011-09-06 18:21 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-09-06 18:19 . 2011-09-06 18:19 -------- d-----w- c:\program files\iTunes
2011-09-06 18:19 . 2011-09-06 18:19 -------- d-----w- c:\program files (x86)\iTunes
2011-09-06 18:19 . 2011-09-06 18:19 -------- d-----w- c:\program files\iPod
2011-09-06 18:17 . 2011-09-06 18:17 -------- d-----w- c:\program files\Bonjour
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-22 17:12 . 2011-05-19 16:05 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-04 10:26 . 2011-08-04 10:26 53248 ----a-r- c:\users\Bailey\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
2011-07-22 05:42 . 2011-08-10 19:02 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-10 19:02 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-10 19:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-10 19:02 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-10 19:02 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-10 19:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41 . 2011-08-10 07:25 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-10 07:25 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-10 07:25 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-10 07:25 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-10 07:25 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-10 07:25 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-10 07:25 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-10 07:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-10 07:25 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-10 07:25 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-10 07:25 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 07:25 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 07:25 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:21 . 2011-08-10 07:25 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:17 . 2011-08-10 07:25 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 07:25 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 07:25 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 07:25 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 03:34 . 2011-07-12 03:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 03:34 . 2011-07-12 03:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 03:34 . 2011-07-12 03:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 03:34 . 2011-07-12 03:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 03:20 . 2011-07-12 03:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 03:20 . 2011-07-12 03:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 03:20 . 2011-07-12 03:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 03:20 . 2011-07-12 03:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-07-09 05:26 . 2011-08-24 06:57 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 04:29 . 2011-08-24 06:57 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-07-09 02:46 . 2011-08-10 07:25 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 10:37 . 2011-07-05 10:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-05 10:37 . 2011-07-05 10:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\program files (x86)\ooVoo_Chat\tbooVo.dll" [2009-10-01 2166296]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
2009-10-01 09:29 2166296 ----a-w- c:\program files (x86)\ooVoo_Chat\tbooVo.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\program files (x86)\ooVoo_Chat\tbooVo.dll" [2009-10-01 2166296]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"Nnqqqd"="c:\users\Bailey\AppData\Roaming\Nnqqqd.exe" [2011-10-02 245760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-22 181480]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"MFARestart"="c:\programdata\MFAData\pack\avgrunasx.exe" [2010-11-08 238432]
"etMon64"="c:\program files (x86)\USB Camera\Driver\INF\etMon64.exe" [2009-11-18 54272]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Abyssus"="c:\program files (x86)\Razer\Abyssus\razerhid.exe" [2011-03-10 231936]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-17 1043968]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-3 1082144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18 136176]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [x]
R3 DCamUSBET;IOCO1.3;c:\windows\system32\DRIVERS\etDevice64.sys [x]
R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\plugins\UI\safedrv.sys [2010-11-17 27744]
R3 gupdatem;Layanan Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18 136176]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
R3 Razerlow;Razer Pro|Solutions;c:\windows\system32\drivers\DB3G.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan64.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 126392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-29 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 822264]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 Abyssus;Razer Abyssus;c:\windows\system32\drivers\Abyssus.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 SjtWinIo;SJT I/O Driver;c:\windows\system32\DRIVERS\SjtWinIo.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PCTDS
*NewlyCreated* - PCTEFA
*NewlyCreated* - PCTSDINJDRIVER64
*NewlyCreated* - WS2IFSL
*Deregistered* - PCTSDInjDriver64
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18 18:59]
.
2011-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18 18:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-13 8224800]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-10-29 822816]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-31 16407656]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 1123320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0421&m=aspire_4740&r=27360210r945l0434z135t4432d332
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 218.186.1.38 202.156.1.58 202.156.1.48
FF - ProfilePath - c:\users\Bailey\AppData\Roaming\Mozilla\Firefox\Profiles\pruqai0b.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3635317089-1840651389-1341975630-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):e9,02,41,2d,61,22,e5,8c,da,a5,e1,82,e6,07,d4,e6,5a,2e,df,9c,ab,
f8,1a,5a,cc,67,1a,e2,c0,98,9c,69,7e,64,68,51,b5,39,5d,32,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3635317089-1840651389-1341975630-1000_Classes\Wow6432Node\CLSID\{c5d711a5-db97-412e-8bd0-2f78bb7100b3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000104
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,30,1c,f7,06,87,12,00,30,00,c4,c2,0d,ac,64,19,35,e4,32,03,b8,79,70,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-02 18:25:18
ComboFix-quarantined-files.txt 2011-10-02 10:25
.
Pre-Run: 155.171.467.264 bytes free
Post-Run: 154.586.886.144 bytes free
.
- - End Of File - - D9EF6ED7C8C75643E6965CEDC2AE6FFA

tashi
2011-10-02, 21:12
Hello nugrohoaldo,

FYI: Please DO NOT RUN ComboFix without being asked (http://forums.spybot.info/showthread.php?t=16806 )

Also this forum's sticky which includes guidelines and also instructions in post #2 on how to provide preliminary "DDS" logs which are used for analysis.
"BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new topic providing the DDS logs as shown in that sticky with a link back to this thread and a volunteer analyst will advise you when available. :)

Best regards.